Computer security

Computer security is a field of computer science concerned with the control of risks related to computer use.

The means traditionally taken to realize this objective is to attempt to create a trusted and secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed. This involves specifying and implementing a security policy. The actions in question can be reduced to operations of access, modification and deletion. Computer security can be seen as a subfield of security engineering, which looks at broader security issues in addition to computer security.

In a secure system the authorised users of that system are still able to do what they should be able to do. One might be able to secure a computer beyond misuse using extreme measures:

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.�

Eugene H. Spafford, director of the Purdue Center for Education and Research in Information Assurance and Security.

However, this would not be regarded as a useful secure system.

It is important to distinguish the techniques used to increase a system's security from the issue of that system's security status. In particular, systems which contain fundamental flaws in their security designs cannot be made secure without compromising their usability. Consequently, most computer systems cannot be made secure even after the application of extensive "computer security" measures. Furthermore, if they are made secure, often it is to the detriment of usability.